The new functionality will allow you to keep your custom domain name active for the entire checkout process, ie no switching the name during checkout. It will also enable the store to be in secure mode 100% of the time.

Prerequisite

Your site must be using the Cloudflare service in order to activate your custom domain name as the secure name. If Cloudflare is not yet activated you will be unable to proceed.

To enable this feature please visit

General–>Domain Name–>View/Edit

Click on the Edit link for the default custom domain name

Check the box labelled, Set as secure

Select the Save button

The store will now use the secure default domain name for all pages of your site and will no longer switch back and forth.

All old urls will continue to be active, ie visitors coming in to mysite.storesecured.com would be redirected to the stores default domain name.

Important Considerations

The store will automatically use secure mode 100% of the time if your secure name and default name are the same. This is a good thing for Google and other search engines as it can boost your rankings since they now give preference to secure sites. It is important to note however, that if you are using external scripts, image paths or full path to other references that are unsecure, ie http vs https, these external unsecure references can potentially give an error message to your customers on the secure page. Ie something like, warning there are unsecure items on this page. The actual security is not compromised but the error message can scare away some customers. Therefore if you want to take advantage of this functionality we highly recommend first ensuring that you do not have any unsecure paths referenced.

We normally see these unsecure paths coming from external scripts, ie things added to the template like, 3rd party seals, 3rd party javascript, counters or statistics scripts, or images that are hosted outside of our system. If you are receiving these unsecure errors and need help determining how to correct or find the issues please contact our support team by submitting a support ticket, we would be happy to help.

Due to the ever changing PCI landscape and increasingly stringent PCI rules and regulations, moving forward StoreSecured will no longer store full credit card numbers. Storing this information causes increased potential risk and PCI burden for StoreSecured and all our merchants.

Effective 9/1/2016 ONLY the last 4 digits will be stored for new transactions. All existing full credit card numbers stored in the system will be removed by September 16.

For merchant using No Processor, (manually processing credit cards)

Please note that this means that StoreSecured will no longer support offline manual credit card processing due to the requirement to access the full credit card numbers for doing so. Instead we recommend the usage of one of our low cost gateways for real time processing such as Braintree or PayPal. See general–>payments–>gateway. All merchants using no processor have been contacted previously about this change.

For merchants using a real time payment gateway

Please note that the credit card information is NOT required for credits, voids or refunds. The last 4 digits of the card number will be saved for reference purposes and also for a few gateways who require the last 4 digits for refunds and captures. In addition most gateways provide a way to re-charge a customer who has already made a purchase through your store, thus making access to the credit card information not necessary.

Merchants, your PCI compliance scope should be reduced with the removal of access to this sensitive information which may mean less strict requirements and an easier yearly questionnaire.

For any questions, comments or concerns regarding these changes please contact us via the support system or at support@storesecured.com

If your store is only available at a subdomain, for instance, mystore.storesecured.com or mystore.easystorecreator.com the below information does NOT apply.
=====================================================

In order to take full advantage of the planned upgrades and for a more seamless transition we urge all customers who are currently using Rackspace nameservers to update your domain nameservers.

ONLY the two CloudFlare name servers should be present. All other nameservers must be removed.

Your website will not experience any downtime when you change your nameservers.

How do I change nameservers?
==================================
Nameservers can be changed at your domain name registrar, ie the company who you pay your yearly domain name fee to. Some examples of domain name registrars are network solutions and godaddy.

Why do I need to do this?
==================================
We are transitioning all merchants who use the Rackspace DNS to Cloudflare DNS for their advanced zone apex management and traffic protection. The Rackspace DNS is older and does not provide the necessary support and automated management. All sites WILL continue to function even if the change is NOT made but we will be unable to automatically route your shoppers to the least busy server.

Special notes and considerations
==================================
If you use your domain name for any services outside of StoreSecured, ie 3rd party email or websites please let us know so that we can ensure your setup is correct for the switch over.

Questions
==================================
If you have any questions, comments or concerns please contact support at support@storesecured.com, we would be happy to help.

Ho Ho, Merry Christmas, Santa has come early this year. Just in time for the busy holiday shopping season we have negotiated a new deal with our hosting provider to offer additional bandwidth for all of our merchants. The new plan limits will take effect for the November billing cycle which is billed at the beginning of December.

Effective Saturday August 3rd evening all stores will be switched to a log in method based on email address INSTEAD of user name. To prevent confusion or problems, all existing customers will be able to log in using EITHER a user name OR email address. New customers will no longer be asked to choose a user name upon registration and the system will automatically use the email address for this purpose. The fields currently labelled User name will be modified to say Email Address. This change will enable easier registration for users as well as easier return log in with no need to remember a user name. The email address log in is now standard among most online stores.

The store will no longer ask for separate email addresses for billing and shipping. The email address given will be used in place of both and all customer email notifications will be sent to that address. No changes are required from individual store owners, our team will update all stores automatically with the new functionality.

This notice is being given 1 week ahead of the update to allow you to notify your customers if you feel it is necessary before the change takes place. Existing users can still log in with their user name if they so choose. For example if the user name is entered instead of the email address in the email field it will be accepted and the user will be logged in.

We want to make sure this transition is smooth for all of our clients and their customers and welcome any questions, comments or concerns via support request.

The blog summary handling has been modified to include a separate summary field. Merchants can now define a special blog summary which will be shown on the main blog page instead of the full blog post. This replaces the previous handling where we were automatically cutting down the full blog post to 500 characters. Automatically cutting the blog post was creating problems with invalid html on many blog posts due to html throughout the posts and tags no longer matching. If no separate blog summary is given the entire post will be shown on the summary page. To create summaries for your blog posts please visit the blog post edit screen, ie Design–>Blogs–>View/Edit

Abandoned Purchase Email

A check box has been added to the abandoned purchase email notification to alert the store admin about the abandoned purchase. This email will automatically be sent, if it is enabled, at the same time that the email is sent to the customer about their purchase. This allows the store admin to follow up with the customer if necessary. To enable the admin notification go to General–>Email–>Notifications and look under the Abandoned Purchase Email heading.

Recently we have been visited by spammers who were able to send spam through a few of our merchants email accounts. The email accounts which were compromised had easy to guess simple passwords. These attacks have affected our reputation as an email provider which in turn affects the deliverability of messages sent from our server. It is everyone’s responsibility to ensure that your email inbox’s have strong passwords to prevent these types of attacks from happening. Our staff is working hard to restore our reputation but we need help from you. Please double check all of your email inbox passwords to ensure that they are using strong passwords consisting of at least one each of the following:

upper and lowercase letters

number

symbol

at least 7 characters

The strong email passwords have been a requirement since June 25th of last year but they are only enforced automatically for users who login via webmail (to see the applicable blog entry click here). Over the next few days we will be sending support requests to stores which have email passwords that do not meet the strong password criteria and asking you to update them if applicable. Inbox’s which do not meet the password requirements will be limited to only sending a few messages per hour beginning May 1st. To change your password just login to webmail, if your password does not meet the strength requirements you will be prompted to change it.

I know, these types of updates and new requirements aren’t fun and it they take time away from your core business but security is important. Hackers and spammers are getting more sophisticated every year and we all need to stay ahead of them to ensure your business and ours runs smoothly.

Per our previous blog post regarding the important FTP changes, if your FTP password does not meet the password strength requirements your FTP access been disabled. If your FTP account was disabled it can be re-enabled by updating your FTP password from My Account–>Change FTP Password and then enabling FTP from General–>FTP.

The SFTP/SSH method of securely connecting to FTP described in our previous blog post is now available for use. If you prefer to use this method of connction instead of FTPS you may connect using port 22. The SFTP/SSH method of uploading files is generally slower then FTPS and should be used only if you cannot use FTPS on port 990.

Please remember that we will be turning off support for regular FTP on port 21 effective this coming Monday March 25th.